Systems and Methods for Authenticating Transmission of Secure Information Using a Token

This application is a continuation of U.S. patent application Ser. No. 18/888,096, filed Sep. 17, 2024, which is a continuation of U.S. patent application Ser. No. 17/228,639, filed Apr. 12, 2021, which is a continuation of U.S. patent application Ser. No. 15/143,022, filed Apr. 29, 2016, which claims the benefit of priority of U.S. Provisional Application No. 62/156,057, filed May 1, 2015. The content of each of the foregoing applications is incorporated herein in its entirety by reference.

In some embodiments, a request to execute, via a first user device, a secure operation with a computing system may be detected (e.g., where the first user device satisfies a proximity condition with respect to a second user device). Authentication data corresponding to a single use token may be retrieved from the second user device based on (i) the request and (ii) the proximity condition being satisfied (e.g., where the single use token corresponds to static information associated with an account used to perform secure operations). The authentication data corresponding to the single use token may be provided to the computing system. An indication that the secure operation has been authorized may be received based on a verification of the authentication data corresponding to the single use token. The secure operation with the computing system may be executed based on the indication being received.

In some embodiments, responsive to detecting, via a first application, a request to execute a secure operation with a computing system, a short-range wireless connection between the first user device and a second user device may be established based on the first user device being proximate to the second user device. Responsive to establishing the short-range wireless connection between the first user device and the second user device, authentication data corresponding to a single use token associated with an account may be received from the second user device (e.g., where the single use token corresponds to static information associated with the account). Responsive to providing, via the first application, to the computing system, the authentication data corresponding to the single use token in lieu of a first portion of the static information, an indication that the secure operation has been authorized may be received based on a verification of the authentication data corresponding to the single use token (e.g., used in lieu of the first portion of the static information). The secure operation with the computing system may be executed based on the indication that the secure operation has been authorized.

The disclosed embodiments may include, for example, methods and systems for secure payment using tokens. Payment security may be achieved by replacing at least a portion of the static information used to authenticate a payment request with token information. The token information may be included in a token generated by the financial services system responsible for authenticating the transaction. The financial services system may provide the token to a digital wallet that communicates the token to a payment application. The payment application may provide the token information to a merchant system. The merchant system may return the token information to the financial services system. Because the financial services system generated the original token provided to the digital wallet, the financial services system can authenticate the transaction using the token information received from the merchant system. In some aspects, the merchant system may not store, communicate, or receive the replaced portion of static information. The digital wallet may be used to authenticate the user, and the proximity between the digital wallet and the payment application may be used to authenticate the payment application. The token information may be provided to the merchant system indirectly, by auto-filling payment forms. Thus, secure payment using tokens may increase the security and convenience of online transactions for users.

The disclosed embodiments may include, for example, a method using a digital wallet for authenticating electronic financial transactions with tokens. The digital wallet may receive a request for secure payment using a financial services account from a payment application. The digital wallet may communicate the request for secure payment to a financial services system associated with the financial services account. The digital wallet may receive a single-use token generated by the financial services system from the financial services system. The single-use token may be generated in response to the request for secure payment. The single-use token may correspond to the request for secure payment. The single-use token may comprise token information configured to replace at least a portion of static information identifying the financial services account. The digital wallet may communicate the single-use token to the payment application to effectuate secure payment.

Further disclosed embodiments may include, as an additional example, a method using a payment application for authenticating electronic financial transactions with tokens. The payment application may receive a request for secure payment using a financial services account. The payment application may communicate the request for secure payment to a digital wallet. The payment application may receive a single use token from the digital wallet. The single-use token may be generated by a financial services system associated with the financial services account in response to the request for secure payment. The single-use token may correspond to the request for secure payment. The single-use token may be configured to replace at least a portion of static information identifying the financial services account. The payment application may provide the token information by to a merchant system to effectuate secure payment using the financial services account. The token information may replace at least a portion of the static information identifying the financial services account.

Additional exemplary disclosed embodiments may include a method using a merchant system for authenticating electronic financial transactions with tokens. The method may include providing instructions for generating a web page. The merchant system may provide the instructions to a payment application. The web page may display a selectable control for requesting secure payment using a financial services account. The merchant system may receive token information from the payment application. This token information may be generated by a financial services system associated with the financial services account in response to a request for secure payment using the selectable control. The token information may correspond to the request for secure payment. The token information may replace at least a portion of static information identifying the financial services account. The merchant system may communicate the token information to the financial services system to effectuate the secure payment using the financial services account.

Certain exemplary disclosed embodiments may include a method using a financial services system for authenticating electronic financial transactions with tokens. The method may include receiving a request for secure payment using the financial services account. The request may be received by a financial services system associated with a financial services account. The request may be from a digital wallet. The financial services system may generate a single-use token corresponding to the request for secure payment in response to the request for secure payment. The single-use token may include token information configured to replace static information identifying the financial services account. The financial services system may provide the single-use token to the digital wallet. The financial services system may receive token information from a merchant system. The received token information may replace at least a portion of the static information identifying the financial services account. The financial services system may authenticate the request for secure payment, the authentication at least partly based on the received token information and the generated token information. The financial services system may effectuate secure payment using the financial services account.

In certain aspects, a user-associated device may implement the digital wallet and a payment device may implement the payment application. The disclosed methods may further include determining the proximity of the user-associated device and the payment device to authenticate the request for secure payment. Determining that a short-range network connects the user-associated device and the payment device may establish the proximity of the user-associated device and the payment device. The short-range network may comprise a local area network, a personal area network, a near field network, or a computer bus. The short-range network may be wireless. The short-range network may be a Wi-Fi or similar network. The short-range network may be a Bluetooth link. Determining a geographic location of one or more of the user-associated device or the payment device may establish the proximity of the user-associated device and the payment device. The determination of a geographic location may depend on global positioning system (GPS) information. The determination of a geographic location may depend on cellular network information. The determination of a geographic location may depend on IP address information. The determination of a geographic location may depend on information associated with a wireless access point, such as Wi-Fi router.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosed embodiments, as claimed.

Reference will now be made in detail to the disclosed embodiments, examples of which are illustrated in the accompanying drawings. Wherever convenient, the same reference numbers will be used throughout the drawings to refer to the same or like parts.

depicts a schematic illustrating an exemplary authentication systemfor facilitating authenticating transmission of secure information, consistent with disclosed embodiments.

Authenticating online transactions using static information, such as account number and security code, exposes users to significant security vulnerabilities. Such static information may be used for many different transactions, may be difficult or complicated to change quickly, and is generally sufficient to authorize or authenticate transactions. This results in the information being easily compromised through fraud or a security breach. Such a breach may be hard to remedy and may leave a user significantly vulnerable. Additional static information unlikely to create security vulnerabilities for a user, such as a shipping address, can be tedious to provide, and users may thus avoid or abandon transactions requiring entry of such information.

Methods and systems are therefore needed for secure authentication of transactions, and for reducing the burden of entering static information describing the transaction. The disclosed embodiments address these and other problems by pre-authenticating the user with a first application. A second application seeking to authenticate an online transaction may rely on the first application for a token configured to replace static information required for authentication. The token may include information describing the transaction, reducing the burden of entering such information. The disclosed embodiments therefore improve, among other things, the user experience by reducing the number of user steps required to originate an online transaction, while also providing an additional layer of security when authenticating online transactions.

Some embodiments involving a financial transaction may require transmission of payment information between payment applicationand merchant system. Such payment information may comprise static information, including information defining and/or describing financial transactions. In certain aspects, static information may include financial data defining and/or describing persistent characteristics of a financial transaction. As a non-limiting example, static information may include account numbers; expiration dates; authentication codes; account holder identifiers, such as account holder names or identification numbers; billing addresses; mailing addresses, and similar data. Account numbers may include credit card numbers. Authentication codes may include card security codes, including, but not limited to, card verification codes (CVCs). One of skill in the art would recognize that the disclosed embodiments are not limited to these disclosed items or categories of static information. Indeed, disclosed embodiments are not limited to financial transactions but instead may be applied to authentication in any industry.

Authentication systemmay be configured to authenticate financial transactions using tokens, consistent with disclosed embodiments. For example, as described in greater detail with respect tobelow, payment applicationmay be configured to request secure execution of a financial transaction between payment applicationand merchant systemusing a financial services account provided by financial services system.

As used herein, tokens may comprise data structures or objects containing token information, consistent with disclosed embodiments. In various aspects, token information may comprise plaintext representations of one more items of static information. In some aspects, the static information may be associated with a financial services account. For example, token information may comprise a billing address. In some aspects, token information may comprise an arbitrary representation of one more items of static information. For example, token information may comprise an arbitrary word, number, or sequence of characters. For example, a randomly generated string of alphanumeric characters may correspond to a credit card number. As an additional example, an entire transaction may be represented by a sequential number unrelated to the content of the static information. Token information may concern one or more items of static information. For example, token information may include a randomly generated string of alphanumeric characters corresponding to a credit card number and a plaintext representation of an account holder name and shipping address. As an additional example, token information may represent an entire transaction. Consistent with disclosed embodiments, tokens may be single-use tokens. In certain aspects, tokens may be reused for a limited duration or number of transactions.

In certain aspects, payment applicationmay request secure execution of the transaction from digital wallet. Digital walletmay be configured to request secure execution of the transaction from financial services system. In various aspects, payment applicationmay request secure execution of the transaction from financial services system. In response to the request for secure execution of the transaction, financial services systemmay be configured to generate at least one token corresponding to the requested financial transaction. The token may be a single-use token. As described below, the token may comprise token information, which may be single-use token information. Financial services systemmay be configured to provide the token to digital wallet. Digital walletmay be configured to provide the token to payment application. Payment applicationmay be configured to provide token information to merchant systemin place of at least a portion of the required static information. Merchant systemmay provide the token information to the financial services system. Financial services systemmay authenticate the transaction based at least in part on the received token information. Financial services systemmay be configured to provide an indication of authentication to merchant system. In some aspects, financial services systemmay be configured to provide an indication of authentication to payment system. In certain aspects, merchant systemmay be configured to provide an indication of authentication to payment system.

Networkmay be configured to provide communications between components of. For example, networkmay be any type of network (including infrastructure) that provides communications, exchanges information, and/or facilitates the exchange of information, such as the Internet, a Local Area Network, or other suitable connection(s) that enables systemto send and receive information between the components of system.

Financial services systemmay be a system associated with financial services providerthat provides and/or manages financial services accounts, such as a bank, credit card company, brokerage firm, etc. In some embodiments, financial services systemmay be configured to execute stored software instructions to perform one or more methods consistent with the disclosed embodiments. In certain embodiments, financial services systemmay be configured as a particular apparatus or system based on the storage, execution, and/or implementation of the software instructions. Financial services systemmay include one or more computing systems, such as servers, general purpose computers, or mainframe computers. Financial services systemmay be stand-alone, or it may be part of a subsystem, which may be part of a larger system. For example, financial services systemmay include distributed servers that are remotely located and communicate over a public network (e.g., network) or a dedicated private network of the financial services provider. In some embodiments, financial services systemmay be implemented at least in part as a virtual system on a cloud-computing infrastructure. Consistent with disclosed embodiments, financial services systemmay include or communicate with one or more storage devices configured to store data and/or software instructions. The stored data and/or software instructions may include one or more software programs. Financial services systemmay execute the stored one or more software programs to perform one or more methods consistent with the disclosed embodiments. In certain aspects, financial services systemmay execute the stored one or more software programs remotely from financial services system. For example, financial services systemmay access one or more remote devices to execute the stored one or more software programs.

Financial services providermay be associated with financial services system, consistent with disclosed embodiments. Financial services providermay provide financial services products for customers (e.g., user). In some aspects, financial services providermay provide and/or manage financial services accounts for customers (e.g., user). Financial services accounts may include, for example, credit card accounts, checking accounts, savings accounts, loans, investment accounts, loyalty programs, and the like. Financial services providermay use one or more computing systems, including financial services system, to authorize transactions concerning financial services accounts provided for customers (e.g., user).

Digital walletmay be an application configured to run on a computer system, consistent with disclosed embodiments. In some embodiments, digital walletmay be configured to provide digital access to static information of a user (e.g., user). For example, digital walletmay be configured to provide digital access to personal information and financial account information of a user, such a billing address and credit card account information.

In certain aspects, digital walletmay be configured to store static information on a device of the user, such as a mobile device or a personal computer. In certain aspects, digital walletmay be configured to access static information stored on a financial services system (e.g., financial services system). As discussed below with respect toand, digital walletmay be configured to provide static information to other applications. In certain aspects, digital walletmay be configured to provide static information to applications running on a device associated with both applications. In some aspect, digital walletmay be configured to provide static information to applications running on devices on a common network. In various aspects, digital walletmay be configured to provide static information to applications running on devices within a shared geographic area. In some embodiments, digital walletmay be configured to require credentials authenticating user. Credentials may be required before digital walletmay be used for secure transfer (e.g., payment). For example, digital walletmay require userto enter one or more of a password or username before digital walletmay be used for secure payment. Digital walletmay be configured for communication with components of systemover network.

/Payment applicationmay comprise an application configured to request static information of a user (e.g., user), consistent with disclosed embodiments. In certain aspects, payment applicationmay request static information in connection with a proposed financial transaction. For example, payment applicationmay request billing information and credit card information in connection with a proposed credit card transaction. In certain aspects, payment applicationmay comprise a stand-alone application. As a non-limiting example, payment applicationmay comprise a digital distribution platform, a digital media store, shopping application, auction site, currency exchange application, money transfer application, or similar application known to one of skill in the art. In various aspects, payment applicationmay comprise a plugin that extends the functionality of another application. For example, payment applicationmay comprise a web browser plug-in, which may interact with instructions on a webpage to generate a request for static information. In some embodiments, payment applicationmay be configured to receive static information concerning the financial services account. For example, payment applicationmay be configured to receive static information concerning the financial services account from digital wallet. In some embodiments, payment applicationmay be configured to require credentials authenticating user. Credentials may be required before payment applicationmay be used for secure payment. For example, payment applicationmay require userto enter one or more of a password or username before digital walletmay be used for secure payment. Payment applicationmay be configured for communication with components of systemover network.

Usermay be a person associated with a financial services account provided by financial services provider. In some embodiments, usermay be a person authorized to conduct transactions using the financial services account. For example, usermay be the owner of the financial services account. As another example, usermay have authority to conduct transactions using the financial services account. This authority may derive from the owner of the financial services account.

Merchant systemmay comprise a system for collecting payment information, consistent with disclosed embodiments. Merchant systemmay include one or more computing systems, such as servers, general purpose computers, or mainframe computers. Merchant systemmay be stand-alone, or it may be part of a subsystem, which may be part of a larger system. For example, merchant systemmay include distributed servers that are remotely located and communicate over a public network (e.g., network) or a dedicated private network of the merchant. In some embodiments, merchant systemmay be associated with merchant. Merchant systemmay be configured for communication with components of systemover network.

Merchantmay comprise one or more entities doing business consistent with the disclosed embodiments. In certain aspects, merchantmay use one or more computing systems, including merchant system, to provide digital platforms for selling goods and/or services. For example, merchantmay use merchant systemto implement at least one digital distribution platform. As a non-limiting example, the at least one digital distribution platform may be configured to sell, license, or otherwise provide games, applications, and media content. In certain aspects, merchantmay use merchant system, to provide websites. As a non-limiting example, the websites may be configured to offer e-commerce functionality. For example, the websites may be configured to offer goods and/or services for sale.

depicts a schematic illustrating user-associated deviceand payment device, consistent with disclosed embodiments. In some embodiments, user-associated devicemay be connected to payment deviceover local network. In certain aspects, usermay interact with payment deviceto cause payment applicationto request secure execution of a financial transaction.

User-associated devicemay comprise a device typically carried on or about the person of a user (e.g., user), consistent with disclosed embodiments. In certain aspects, user-associated devicemay be a mobile device. For example, user-associated devicemay be a mobile phone, such as a smartphone; a tablet computer; a portable computer; a smartcard; or a wearable device, such as a smartwatch, optical head-mounted display (OHMD), etc. The location of user-associated devicemay indicate the location of user. For example, the location of a smartwatch may indicate the location of a user of the smartwatch. In some embodiments, user-associated devicemay implement digital wallet.

User-associated devicemay be capable of providing location information, consistent with disclosed embodiments. For example, user-associated devicemay include a GPS receiver. The GPS receiver may receive location information for determining a geographic location of user-associated device. As an additional example, a geographic location of a cellular device, such as a mobile phone or tablet, may be identified using a cellular network signal of the mobile phone or tablet, as would be known by one of skill in the art. As a further example, a geographic location of an internet-connected device may be identified using an Internet Protocol (IP) address of the internet-connected device, as would be known by one of skill in the art.

Local networkmay comprise a short-range network, consistent with disclosed embodiments. In some aspects, the short range network may comprise a Local Area Network (LAN). For example, user-associated deviceand/or payment devicemay be wirelessly connected to the LAN, for example using a Wi-Fi network. As an additional example, user-associated deviceand/or payment devicemay have a wired connection to the LAN. In certain aspects, the short range network may comprise a personal area network. The personal area network may be wireless, and may be implemented using one or more of infrared or radio frequency communication. For example, the personal area network may be implemented using Bluetooth. In various aspects, the short range network may comprise a near field network. The near field network may be implemented using magnetic induction to communicate information between user-associated deviceand payment device. The implementation may comply with a standard, such as the standard described by ECMA-340 and ISO/IEC 18092, or similar standards known to one of skill in the art. In some aspects, short range network may comprise a computer bus. For example, the short range network may be implemented in one or more of Universal Serial Bus (USB), Fire Wire, or a similar interface standard known to one of skill in the art. In some aspects, user-associated devicemay be configured to automatically pair with payment deviceonce within range of the short range network. Manual interaction with one or more of the user-associated deviceor the payment devicemay create an automatic pairing between the user-associated deviceand the payment device. For example, one or more of digital walletor payment applicationmay be configured to instruct userto interact with user-associated deviceand payment deviceto create a Bluetooth link between these devices. Subsequently, when within range, user-associated devicemay automatically connect to payment deviceusing Bluetooth.

Payment devicemay comprise a device configured for providing payment information to merchant system, consistent with disclosed embodiments. In some embodiments, payment devicemay comprise a personal computer. In certain aspects, the personal computer may implement a web browser, such as Chrome™, Internet Explorer®, Firefox®, or Opera™. As described above with reference to, payment applicationmay comprise a web browser plug-in. Payment applicationmay extend the functionality of the web browser. In certain aspects, as described above with reference to, the personal computer may implement payment applicationas a stand-alone application. In some embodiments, payment devicemay comprise a point-of-sale (“POS”) terminal.

depicts a schematic illustrating combined device, consistent with disclosed embodiments. In certain aspects, usermay interact with combined deviceto cause payment applicationto request secure execution of a financial transaction. In some embodiments, combined devicemay comprise a mobile device. For example, combined devicemay be a mobile phone, such as a smartphone; a tablet computer; a portable computer; a smartcard; or a wearable device, such as a smartwatch, OHMD, etc. In certain aspects, combined devicemay implement both digital walletand payment application. Combined devicemay implement a web browser, such as Chrome™ Internet Explorer®, Firefox®, or Opera™. As described above with reference to, payment applicationmay comprise a web browser plug-in. Payment applicationmay extend the functionality of the web browser. In certain aspects, as described above with reference to, combined devicemay implement payment applicationas a stand-alone application. Combined devicemay be configured to enable digital walletto communicate with payment application, according to methods known to one of skill in the art.

depicts a diagram illustrating components of an exemplary device according to some embodiments. One or more of user-associated device, payment device, or combined device, may be generally implemented as illustrated by. According to some embodiments, the exemplary device may include a processor, memory, input/output (I/O) interface(s), and network adapter. These units may communicate with each other via bus, or wirelessly. The components shown inmay reside in a single device or multiple devices.

Processormay be one or more microprocessors, central processing units, or graphics processing units performing various methods in accordance with disclosed embodiments. Memorymay include one or more computer hard disks, random access memory, removable storage, or remote computer storage. In various embodiments, memorystores various software programs executed by processor. I/O interfacesmay include a keyboard, a mouse, an audio input device, a touch screen, or similar human interface device. Network adapterenables the exemplary device to exchange information with components ofover network. In various embodiments, network adaptermay be configured to support wireless or wired networks. In certain aspects, network adaptermay be configured with modules for supporting one or more local area networks, personal area networks, or near field networks. In some aspects, network adaptermay be configured with hubs for supporting computer busses. For example, network adaptermay be configured with one or more USB hubs.

depicts a flowchart illustrating an exemplary process for secure payment using a token, consistent with disclosed embodiments. Usermay interact with payment applicationto request secure payment (step). As described above with respect to, payment devicemay be configured to implement payment application. As a non-limiting example, payment applicationmay be configured to cause payment deviceto display an application interface or web page containing a selectable display element. Payment applicationmay receive a selection of the display element to request a secure transaction. In certain aspects, payment applicationmay receive the selection of the display element using an I/O interface of payment device, such as I/O interface. As a non-limiting example, usermay operate a mouse, touchscreen, or keyboard to provide payment applicationwith the selection. In various aspects, payment applicationmay receive a request for secure payment from userusing network adaptor. For example, based on userinteracting with another device (e.g., user-associated device), payment applicationmay generate a request for secure payment that is then provided to payment deviceover networkusing network adaptor.

As described above with respect to, combined devicemay be configured to implement payment application. As a non-limiting example, payment applicationmay be configured to cause combined deviceto display an application interface or web page containing a selectable display element. Combined devicemay receive a selection of the display element to request a secure transaction. In certain aspects, combined devicemay receive the selection of the display element using an I/O interface of combined device, such as I/O interface. As a non-limiting example, combined devicemay receive the selection when useroperates a mouse, touchscreen, or keyboard to select the display element. In various aspects, usermay select the display element using a network adaptor of combined device, such as network adaptor.

Payment applicationmay be configured to communicate the request for secure payment to digital wallet, consistent with disclosed embodiments (step). In certain aspects, combined devicemay be configured to implement payment applicationand digital wallet. Combined devicemay be configured to pass information between payment applicationand digital walletaccording to methods known to one of skill in the art. In some aspects, payment applicationmay be configured to communicate the request to digital walletusing local network. In some embodiments, payment applicationmay communicate the request for secure payment directly to financial services system, consistent with disclosed embodiments (step). As a non-limiting example, payment applicationmay communicate the request for secure payment using a web service published by financial services system. One of skill in the art would appreciate that multiple methods, protocols, and formats may be used to communicate the request for secure payment directly to financial services systemwithout departing from the disclosed embodiments.

Digital walletmay be configured to communicate the request for secure payment to financial services system, consistent with disclosed embodiments (step). As a non-limiting example, digital walletmay communicate the request for secure payment using a web service published by financial services system. One of skill in the art would appreciate that multiple methods, protocols, and formats may be used to communicate the request for secure payment directly to financial services systemwithout departing from the envisioned embodiments.

Financial services systemmay be configured to generate a one-time use token, consistent with disclosed embodiments. In some embodiments, financial services systemmay generate the token in response to the request for secure payment. In certain aspects, the token may comprise a data structure suitable for automatically transferring information between computer systems, such as an XML document, JSON object, or SOAP message. One of skill in the art would recognize that other data structures may be used without departing from the envisioned embodiments. In some embodiments, financial services systemmay communicate the token to digital wallet, consistent with disclosed embodiments (step).

The token may comprise token information, consistent with disclosed embodiments. In certain aspects, the token information may correspond to static information associated with the financial services account. For example, the token information may correspond to account holder information. Account holder information may include an account holder identifier, such as an account holder name or identification number. Account holder information may include one or more of a billing address, a shipping address, a telephone number, email address, or other account holder attributes relevant to completing an online transaction. As an additional example, the token information may correspond to account information. Account information may comprise an account number, a security code, and/or an expiration date. Authentication codes may include card security codes, including, but not limited to, CVC codes. For example, account information may include one or more of a credit card number, credit card expiration date, or CVC code.

In certain embodiments, financial services systemmay generate one or more tokens prior to receiving a request for secure payment. Financial services systemmay provision digital walletwith one or more tokens for authenticating secure payments. In certain aspects, digital walletmay provide at least one of the provisioned tokens to payment applicationin response to a request for secure payment. For example, digital walletmay provide at least one of the provisioned tokens to payment application, before communicating the request for secure payment to financial services system.

Digital walletmay communicate the token to payment application, consistent with disclosed embodiments (step). As discussed with reference to, in some embodiments, user-associated devicemay implement digital wallet. Payment devicemay implement payment application. Consistent with disclosed embodiments, digital walletmay communicate the token to payment applicationusing local network. As would be recognized by one of skill in the art, the protocol and content for transmitting the token may depend on the implementation of local network. As would be recognized by one of skill in the art, the protocol and content for transmitting the token are not intended to be limiting. As described in detail above with respect to, in some embodiments, combined devicemay be configured to implement both digital walletand payment application. Combined devicemay be configured by one more of digital walletor payment applicationto provide the token to payment applicationaccording to methods known to one of skill in the art.

In some embodiments, authentication systemmay be configured to determine whether user-associated deviceis proximate to payment device. For example, one or more of digital walletor payment applicationmay be configured to make this determination. The presence of user-associated deviceand payment deviceon local networkmay establish proximity, consistent with disclosed embodiments. As described in detail above with respect to, local networkmay comprise a local area network, personal area network, near field network, or computer bus. For example, proximity may be established by a Bluetooth link connecting user-associated deviceand payment device. As an additional example, proximity may be established by an electromagnetic inductive link connecting user-associated deviceand payment device. As a further example, proximity may be established by the presence of user-associated deviceand payment deviceon a common wireless local area network, such as a Wi-Fi network. For example, user-associated deviceand payment devicemay be connected to the same wireless access point, such as a Wi-Fi router.

Geographic location information may establish proximity, consistent with disclosed embodiments. In certain aspects, geographic location information may be available for one or more of user-associated deviceor payment device. For example, the geographic location of one or more of user-associated deviceor payment devicemay be predetermined. For example, payment devicemay be a POS terminal having a known location. In certain aspects, one or more of user-associated deviceor payment devicemay be configured to provide geographic location information. For example, one or more of user-associated deviceor payment devicemay be configured to provide geographic location information using a GPS receiver. As an additional example, one or more of user-associated deviceor payment devicemay be configured to provide geographic location information based on a cellular network signal. As further example, one or more of user-associated deviceor payment devicemay be configured to provide geographic location information based on IP address information. For example, payment devicemay be a POS terminal having a predetermined location, and user-associated devicemay be configured to provide geographic location information using a GPS receiver.

Authentication systemmay be configured to deny the request for secure payment unless conditions are satisfied, consistent with disclosed embodiments. In some embodiments, authentication systemmay be configured to deny the request for secure payment based on a status of digital wallet. For example, authentication systemmay be configured to require that digital walletbe running. As a further example, authentication systemmay be configured to require that digital walletbe currently open, maximized, selected, or the like. In certain embodiments, authentication systemmay be configured to deny the request for secure payment unless user-associated deviceis proximate to payment device. In certain aspects, financial services systemmay be configured to deny the request for secure payment. In some aspects, digital walletmay be configured to deny the request for secure payment. In various aspects, payment applicationmay be configured to deny the request for secure payment. As a non-limiting example, denial of the request for secure payment may comprise not communicating or receiving the request for secure payment or the token, or not generating the token in response to receiving the request for secure payment. As an additional non-limiting example, denial of the request for secure payment may include providing an indication of the denial to user(via, e.g., payment deviceor combined device). In various embodiments, authentication systemmay be configured to require authentication of user. In certain aspects, digital walletmay be configured to require authentication of user. In certain aspects, digital walletmay be configured to require such authentication before communicating a request for secure payment to financial services system(step). In certain aspects, digital walletmay be configured to require such authentication before communicating a token to payment application(step). Digital walletmay be configured to accept credentials to authenticate user. Credentials may include information confirming the identity of user. As a non-limiting example, credentials may include one or more of a user name or password associated with user. As an additional non-limiting example, credentials may include an authentication token provided by an authentication server. The particular method of authentication is not intended to be limiting, as would be recognized by one of skill in the art. In various aspects, payment applicationmay be configured to require authentication of user. In certain aspects, payment applicationmay be configured to require such authentication before communicating a request for secure payment to digital services system(step). Payment wallet(step), or financial applicationmay be configured to accept credentials to authenticate user. Credentials may include information confirming the identity of user. As a non-limiting example, credentials may include one or more of a user name or password associated with user. As an additional non-limiting example, credentials may include an authentication token provided by an authentication server. The particular method of authentication is not intended to be limiting, as would be recognized by one of skill in the art.

As described above with respect to, authorization of a financial transaction may require communication of static information, such as information defining and/or describing the financial transaction, to merchant system. Consistent with disclosed embodiments, payment applicationmay be configured to communicate token information to merchant systemin place of at least a portion of otherwise required static information (step). In certain aspects, payment applicationmay be configured to communicate the remaining portion of the required static information and the token information. For example, a credit card transaction may require payment applicationto provide a credit card number. Consistent with disclosed embodiments, payment applicationmay provide token information in place of the credit card number. As an additional example, a credit card transaction may require payment applicationto provide a CVC code. Consistent with disclosed embodiments, payment applicationmay provide token information in place of the CVC code. As a further example, a credit card transaction may require payment applicationto provide a billing and/or shipping address. Consistent with disclosed embodiments, payment applicationmay provide token information in place of the billing and/or shipping address. In some embodiments, the token information may replace all of the required static information. For example, the credit card number, expiration date, and CVC code may be replaced by the token information.

In some embodiments, payment applicationmay be configured to communicate token information indirectly to merchant system. For example, payment applicationmay be configured to provide token information using one or more web pages. Payment applicationmay be configured to display the one or more web pages according to instructions received from merchant system. As described in greater detail with respect to, the one or more web pages may include forms for entering the required static information. In certain aspects, payment applicationmay be configured to autofill the forms with the token information. In various aspects, payment applicationmay be configured to permit userto copy the token information into the form from the clipboard of payment deviceor combined device. Payment applicationmay be configured to submit the forms to the merchant system.

In some embodiments, payment applicationmay be configured to communicate token information directly to merchant system. For example, payment applicationmay be configured to communicate token information using an Application Program Interfaces (“API”). As a non-limiting example, one or more of payment applicationor merchant systemmay expose an API for communicating the token information. As a non-limiting example, payment applicationmay communicate the token information using a web service published by one or more of payment applicationor merchant system. In certain aspects, payment applicationmay be configured to communicate the token comprising the token information. In some aspects, payment applicationmay be configured to modify the token, or repackage token information into a new data structure. One of skill in the art would appreciate that multiple methods, protocols, and formats may be used to communicate the token information directly to merchant systemwithout departing from the disclosed embodiments.

Payment application may request confirmation from userto communicate one or more of the token information or remaining static information, consistent with disclosed embodiments. For example, payment applicationmay request confirmation from userprior to submitting the forms. As an additional example, payment applicationmay request user confirmation prior to directly providing one or more of the token, the token information, or the remaining static information. As a non-limiting example, payment application may request confirmation by displaying a selectable graphical user interface element. As a further non-limiting example, usermay be presented with a dialog box including an option to confirm communication of the information.